Plugin v0.4.2
ClawScan security
FTAL Quality Scoring · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 28, 2026, 8:16 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin's code, requirements, and runtime behavior are consistent with a reply-quality scoring plugin: it does scoring, keeps only compact in-memory metadata, and does not request unrelated credentials or perform external network access or exfiltration.
- Guidance: This plugin appears coherent and implements an in-memory scoring/rubric system without exfiltrating messages or requiring secrets. Before installing: (1) confirm you trust the plugin author if you will enable useFinalize/allowConversationAccess, since that hook gives the plugin access to conversation content and can block or revise replies; (2) review the config options (rubric, retryEnabled, useFinalize, maxRevisions) to control when it requests revisions; (3) note that FtalStore is exported so other plugins can read score metadata (raw reply text is not stored); (4) the repo includes a lockfile with many transitive packages from dev/peer deps; this is expected, but you may want to install and audit the dependencies in a test environment before production use.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: a rubric-based scoring plugin that registers OpenClaw hooks, scores replies, and optionally requests revisions. No unrelated environment variables, binaries, or external credentials are required. The included lockfile contains many transitive packages (e.g., AWS SDKs), but they come from dev/peer dependencies (openclaw) and are not used by the plugin code.
- Instruction Scope (ok): Runtime instructions (the plugin code and hooks) operate only on agent messages, session/run identifiers, and ephemeral teaching context. The plugin extracts assistant text, computes dimension scores, writes compact score metadata to an in-memory store, and may inject a small 'teaching' prependContext into the next prompt. It does not read arbitrary files or environment variables, and it does not send data to external endpoints.
- Install Mechanism (ok): No install spec is provided (instruction-only in registry metadata), so nothing arbitrary is downloaded or executed during install. The repository includes source and a pnpm lockfile; runtime dependencies are minimal (zod plus the openclaw peer dep). There are no downloads from untrusted URLs or extract steps in the manifest.
- Credentials (ok): The plugin declares no required environment variables or credentials. All data it stores is compact scoring metadata (rubric id, dimension scores, gap, confidence), and explicit comments and state handling indicate that raw reply text is not persisted. The presence of AWS-related packages in pnpm-lock is a transitive artifact of dev/peer deps, not a declared requirement.
- Persistence & Privilege (note): The plugin uses a same-process in-memory singleton store (non-durable) and exports it so other plugins can read score metadata; this is coherent for inter-plugin integrations but means other trusted plugins can access scores. It can register the before_agent_finalize hook (when configured via useFinalize), which requires conversation access and can block delivery or request revisions. Be aware that enabling that hook grants the plugin visibility into conversation state, as required by OpenClaw's hook model.
